As more companies continue to embrace the Industrial Internet of Things (IIoT), hackers are paying close attention. IoT devices, used to exchange and convey sensitive data have become prime targets for opportunistic hackers in 2023.
According to the Australian Bureau of Statistics, the number of businesses falling victim to cyberattacks has in fact doubled over the past three years. “In 2020, one in 10 businesses were privy to cyberattacks, while in 2023, it was one in five. This figure shows that cybercrime is increasing significantly as hackers spot more opportunity,” explains Jim Wallace, Sales Manager at Balluff Australia and member of Open IIoT
Open IIoT is a cohort of some of Australia’s most prominent automation brands, with current members SMC Corporation Australia & New Zealand, ARGUS, NORD DRIVESYSTEMS, Beckhoff Australia, Balluff. The group is focused on IIoT advocacy and increased Industry 4.0 implementation across the country and notes with concern the uptick in cybersecurity threats over the last two years.
Jim shares that.
“Once a hacker gains entrance into an IIoT network they can gain control of any exposed devices connected to the system and use this interconnected gateway to compromise other devices and even the network itself,” he says.
The real-world impact of this kind of crime is devastating. A successful attack on an IIoT network can cripple a manufacturing facility for days and incur hundreds of thousands of dollars in costs.
Designing an IIoT-specific security framework
Jim stresses that because IIoT networks are so vulnerable to interception, the underlying architecture is critical. “To safeguard these networks, companies must adopt a security strategy distinct from that of enterprise data networks,” he says. This begins by implementing robust authentication mechanisms to ensure that only authorised users and devices can access the IIoT system. Here, Jim recommends defining and enforcing standard authorisation policies for controlling access to sensitive data and functionalities.
Further security measures include ensuring that all data travelling on the IIoT network is end-to-end encrypted and only accessible by designated staffers with an encryption key. Segmentation, which limits access by separating which devices are connected to certain parts of the network, prevents hackers from infiltrating the entire network.
“To bolster network defence, scrutinising inbound data traffic identifies potential DDoS attacks, while monitoring outbound traffic empowers IT staff to swiftly pinpoint compromised devices and take immediate defensive actions,” adds Jim.
Ensuring the integrity of stored data
Implementing mechanisms like checksums or hash functions can detect any unauthorised modifications or tampering with stored data. “Don’t forget about data lifecycle management here – you should have a strategy for securely disposing of obsolete data to ensure that it can’t be compromised,” says Jim.
“In a worst-case scenario, cybersecurity breaches can mean a widespread loss of data. To mitigate loss and system disruptions. have a robust data backup and recovery strategy – and test it regularly to ensure recovery effectiveness.”
Rethinking your approach to IIoT security
Protecting the integrity of your IIoT-enabled devices and networks is an ongoing process that doesn’t end once the network’s system architecture has been reinforced as outlined above. Instead, Jim believes that manufacturers will need to adopt a ‘security first’ mindset to their everyday processes – an approach that should include the following measures:
- Employee Training: All employees should receive regular training on cybersecurity best practice and adhering to policies. As an added layer of protection, staffers should have passwords with multi-factor authentication and change these passwords on a monthly basis.
- Monitoring and Anomaly Detection: Continuous monitoring of IIoT systems can detect any unusual activity or anomalies that may indicate a security breach.
- Incident Response: A clearly-defined incident response plan must be in place to address any threats promptly, with steps that must be followed.
- Vendor Security: The security measures of all IIoT vendors should be reviewed, with manufacturers encouraged to evaluate their track record and select the vendor with the highest level of protection.
“Remember that IIoT data processing and storage must be compliant with regulatory standards to protect privacy and proprietary information. In Australia these regulations differ from state to state, so I recommend consulting with an expert, such as our Open IIoT members, in to ensure all standards are met,” concludes Jim.
These topics are discussed in detail on the new Industry 4.0 and Beyond Podcast by Open IIoT. Find all episodes of the Industry 4.0 and Beyond podcast on our website at https://openiiot.com.au/open-iiot-podcast/ or on your preferred streaming platform.
Contact us at: admin@openiiot.com.au
Podcast produced by Tim Allan - podcastcentral.com.au
Content Production by Positiv Pty Ltd - www.positivltd.com